diff --git a/server/app/App.php b/server/app/App.php index 4561269..1106b6a 100644 --- a/server/app/App.php +++ b/server/app/App.php @@ -11,6 +11,7 @@ class App public static Request $req; public static Auth $auth; public static array $s = []; // game settings + public static array $flashes = []; // flash messages public function __construct(string $dbPath) { @@ -18,12 +19,18 @@ class App self::$db = new Database($dbPath); // the database self::$dbPath = $dbPath; // the database path - // load game settings - $s = self::$db->q('SELECT * FROM settings WHERE id = 1;'); - self::$s = $s ? $s->fetch() : []; + // stuff that can only be loaded if the database is installed + if (INSTALLED) { + // load game settings + $s = self::$db->q('SELECT * FROM settings WHERE id = 1;'); + self::$s = $s ? $s->fetch() : []; - // init authentication - self::$auth = new Auth(); + // init authentication + self::$auth = new Auth(); + } + + // load flash messages + self::$flashes = $_SESSION['flash'] ?? []; } public static function performDatabaseReset(): void @@ -38,4 +45,20 @@ class App { return self::$auth->good(); } + + public static function flash(string $key, mixed $value = null): mixed + { + // get a flash message + if ($value === null) return self::$flashes[$key] ?? null; + + // set a flash message + $_SESSION['flash'][$key] = $value; + self::$flashes[$key] = $value; + } + + public function __destruct() + { + // clean up flash messages + $_SESSION['flash'] = []; + } } diff --git a/server/models/Player.php b/server/models/Player.php index 00bc693..b2b366a 100644 --- a/server/models/Player.php +++ b/server/models/Player.php 
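Review bot: When `INSTALLED` is false the constructor now leaves the typed static `App::$auth` uninitialized, and the unchanged accessor shown as context in the last hunk of this file (`return self::$auth->good();`) would then throw an Error on first use instead of reporting "not logged in". If pre-install requests can reach that accessor or `GateModule::login`, guard the read, e.g. `return INSTALLED && self::$auth->good();`, or document on the property that it is only set once the database is installed. The constructor's opening lines are outside this hunk, so whether a session has been started before `$_SESSION['flash']` is read cannot be confirmed from here.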
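Review bot: `flash()` is declared `: mixed` but its setter path falls off the end of the function, and PHP raises a TypeError ("none returned") in that case, so every `App::flash('error', ...)` call would throw after storing the message; end the method with `return $value;`. Separately, `__destruct()` resets `$_SESSION['flash']` on every request, including the one that just set a message, and destructors normally run before the session is written at shutdown, so a message set right before a redirect may never reach the next page (unless `redirect()` closes the session first, which is not visible here). Clearing at load time instead, `$_SESSION['flash'] = [];` directly after `self::$flashes = $_SESSION['flash'] ?? [];` in the constructor, gives read-once semantics without the destructor. Templates that print these values should escape them with `htmlspecialchars()` if a flash can ever contain request data.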
@@ -40,7 +40,7 @@ class Player public static function validateCredentials(string $identifier, string $password, bool $fetch = false): int|false { // get the player from their username or email - $player = App::$db->do("SELECT " . ($fetch ? '*' : 'id, password') . " FROM players WHERE username = :i OR email = :i LIMIT 1;", ['i' => $identifier]); + $player = App::$db->do("SELECT " . ($fetch ? '*' : 'id, password') . " FROM players WHERE LOWER(username) = :i OR LOWER(email) = :i LIMIT 1;", ['i' => strtolower($identifier)]); if ($player == false) return false; $player = $player->fetch(); @@ -52,4 +52,4 @@ class Player return false; } -} \ No newline at end of file +} diff --git a/server/modules/GateModule.php b/server/modules/GateModule.php index 687bafa..c036187 100644 --- a/server/modules/GateModule.php +++ b/server/modules/GateModule.php 
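Review bot: Lower-casing both sides makes the lookup case-insensitive, but nothing in this hunk shows that usernames and emails are unique case-insensitively, so rows that differ only in letter case (or a username equal to another player's email) now match the same `:i`, and `LIMIT 1` without `ORDER BY` picks one arbitrarily before the password check. I would enforce this at the schema or registration level, for example with a unique index on the lower-cased columns, and note the dependency above the query: `// relies on case-insensitive uniqueness of username and email`. `strtolower()` and SQL `LOWER()` may also fold non-ASCII characters differently depending on the PHP version and database engine, so normalising identifiers once at write time and comparing against the stored normalised value keeps both sides consistent and lets ordinary indexes be used. The body of `validateCredentials` continues past this hunk.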
@@ -9,11 +9,37 @@ class GateModule $s = App::$req->uri(1) ?? ''; // second segment $m = App::$req->method; // request method - if ($s == '' || $s == 'login') return self::login(); + if ($s == '' || $s == 'login') return self::login($m); } - public static function login() + public static function login(string $method) { - echo render('layout', ['title' => 'Login']); + // just display the login page + if ($method == 'GET') { + echo render('layout', ['title' => 'Login', 'content' => 'gate/login']); + return; + } + + // handle the login form + $id = trim($_POST['id'] ?? ''); // identifier; let a user log in with email or username + $pw = $_POST['pw'] ?? ''; // password + + // fields are required + if (empty($id) || empty($pw)) { + App::flash('error', 'Please fill out all fields.'); + redirect('/gate/login'); + } + + // find the user, login if valid + $found = App::$auth->login($id, $pw, isset($_POST['remember'])); + + // Login is valid! + if ($found) { + App::flash('success', 'Welcome back!'); + redirect('/'); + } else { + App::flash('error', 'Player account not found.'); + redirect('/gate/login'); + } } -} \ No newline at end of file +} diff --git a/server/templates/layout.php b/server/templates/layout.php index 051efa0..5b39f34 100644 --- a/server/templates/layout.php +++ b/server/templates/layout.php @@ -16,19 +16,19 @@ - -
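Review bot: The empty-field branch calls `redirect('/gate/login')` without a `return`, so unless `redirect()` terminates the request (its definition is not in this diff) execution continues into `App::$auth->login()` with the blank values. `empty()` also treats the string `'0'` as missing, and `trim($_POST['id'])` raises a TypeError when a client submits the field as an array, so I would type-check both fields and compare against `''` explicitly, as below. Not visible here and worth confirming in `Auth::login` and the `gate/login` template: session ID regeneration on success, a CSRF token on the form, and throttling of failed attempts. Using one failure message for both unknown account and wrong password is good for avoiding account enumeration; wording such as `'Invalid username or password.'` would describe both cases.

```php
// handle the login form
$id = $_POST['id'] ?? ''; // identifier; email or username
$pw = $_POST['pw'] ?? ''; // password

// fields are required and must be plain strings
if (!is_string($id) || !is_string($pw) || trim($id) === '' || $pw === '') {
    App::flash('error', 'Please fill out all fields.');
    redirect('/gate/login');
    return;
}
$id = trim($id);

// … unchanged: App::$auth->login() call and success/failure redirects …
```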
+
+
- + - \ No newline at end of file +